docs: add security section for file access configuration
- Document that default access is to home directory - Explain how to restrict access using MCP_PROJECT_ROOT - Remove API key warning as requested (applies to all MCP servers) This helps users understand the security model and how to configure it for their specific needs.
This commit is contained in:
Fahad
14
README.md
14
README.md
@@ -747,6 +747,20 @@ When using any Gemini tool, always provide absolute paths:
|
|||||||
❌ "Use gemini to analyze ./src/main.py" (will be rejected)
|
❌ "Use gemini to analyze ./src/main.py" (will be rejected)
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Security & File Access
|
||||||
|
|
||||||
|
By default, the server allows access to files within your home directory. This is necessary for the server to work with any file you might want to analyze from Claude.
|
||||||
|
|
||||||
|
**To restrict access to a specific project directory**, set the `MCP_PROJECT_ROOT` environment variable:
|
||||||
|
```json
|
||||||
|
"env": {
|
||||||
|
"GEMINI_API_KEY": "your-key",
|
||||||
|
"MCP_PROJECT_ROOT": "/Users/you/specific-project"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
This creates a sandbox limiting file access to only that directory and its subdirectories.
|
||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
1. Clone the repository:
|
1. Clone the repository:
|
||||||
|
|||||||
Reference in New Issue
Block a user